[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Problems with logcheck readout?
- Subject: RE: [cobalt-security] Problems with logcheck readout?
- From: "Curtis Ross" <Curtis_Ross@xxxxxx>
- Date: Tue, 27 Mar 2001 10:06:09 -0700
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> -----Original Message-----
> From: simon@xxxxxxxxxxxxx@CPR
[mailto:IMCEANOTES-simon+40bigpink+2Eco+2Euk+40CPR@xxxxxx]
> Sent: Tuesday, March 27, 2001 8:48 AM
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: [cobalt-security] Problems with logcheck readout?
>
>
> Hi,
> I have just installed logcheck and recieved my first e-mail back from
it.
> It contains hundreds of entries and to be honest I don't understand
much of
> it.
> Can you help?
>
> I have included one example of each entry, although most are featured
> many many times.
>
> Mar 27 05:15:03 ns1 sendmail[26811]: NOQUEUE: localhost [127.0.0.1]
did not
> issue MAIL/EXPN/VRFY/ETRN during connection to MTA
^^Normal. Just your system checking your sendmail.^^
> Mar 21 17:15:33 ns1 proftpd[16878]: server name
> (ARouen-101-1-1-109.abo.wanadoo.fr[193.251.28.109]) - no such user
> 'anonymous'
> Mar 21 17:15:35 ns1 last message repeated 4 times
> Mar 21 17:15:35 ns1 proftpd[16878]: server name
> (ARouen-101-1-1-109.abo.wanadoo.fr[193.251.28.109]) - USER anonymous
(Login
> failed): Can't find user.
> Mar 21 17:15:36 ns1 proftpd[16878]: server name
> (ARouen-101-1-1-109.abo.wanadoo.fr[193.251.28.109]) - FTP session
closed.
^^Suspcious. Looks like someone is trying to log in anonymously.^^
> This one appears evey few minutes, hundreds of entries
>
> Mar 22 00:00:01 ns1 proftpd[901]: server name (localhost[127.0.0.1]) -
FTP
> session closed.
> Mar 22 00:00:04 ns1 telnetd[914]: ttloop: read: Broken pipe
^^Normal. Just your system checking your FTP and Telnet.^^
> What does it mean?
> Thanks